Lead Risk and Control Analyst
JOB_53026261169471
Job type: Contract
Location: Virginia
Profession: Other/tbc
Industry: Technology & Internet Services
Pay: $90.00 - $110.00/hr.
Lead Risk and Control Analyst – Contract – Vienna, VA – $90.00 - $110.00/hr.
The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate’s/applicant’s qualifications, skills, and level of experience as well as the geographical location of the position.
Applicants must be legally authorized to work in the United States. Sponsorship not available.
Our client is seeking a Lead Risk and Control Analyst in Vienna, VA.
Role Description
The Security Risk Assessment Lead Risk & Control Analyst supports Security Governance and Risk Division in effectively managing the 1st Line of Defense internal control environment through the execution of the Risk Control Self-Assessment (“RCSA”) program. In collaboration with business process owners the lead role proactively builds and maintains process maps and risk and control matrices to identify, assess, monitor, update and report out operational risks. This role includes effective partnership with risk partners and process owners within Information Security and throughout the enterprise as RCSAs are coordinated, facilitated, completed and reviewed. The Lead will also partner with Control Testing and Issue and Event Management functions within the 1st Line Security Governance and Risk Management Line of Business.
• Partner with stakeholders, including process owners and control officers, to document processes (via process flows), risks and controls, enhance control language, and help develop/maintain test scripts that validate controls are being performed in compliance with policies, standards, procedures, and other requirements to mitigate fraud, physical security, BSA/AML, and sanctions compliance risk
• Support the execution of front line controls, self-assurance, and risk assessment activities (ad-hoc controls review, business process management (BPM), risk control self-assessment (RCSA)), and independent risk and audit activities as directed
• Provide ongoing assessment of Security’s risk profile through regular monitoring and status reporting of risks, issues, events and initiatives within core processes
• Support iterative review and challenge of assessment results, working with appropriate stakeholders across the lines of defense
• Perform and facilitate the collection, review and assimilation of RCSA assessment data and reporting into concise and meaningful reports
• Assess exposure to risk, measure operational risk against ERM frameworks, assist in establishing policies and procedures to minimize risk, and identify ways to protect the organization from data loss and reputational damage
• Coordinate efforts with Security’s Issues and Events Management and Control Testing functions, to continually update control effectiveness and residual risk rating of Security’s business processes as needed
• Support implementation for change management needs with appropriate personnel within the Division and/or across divisional lines
• Monitor and oversee the progress of risk assessments; address and resolve complex issues
• Assist with Operational Risk event remediation efforts when needed
• Serve as a subject matter expert with internal and external auditors (e.g., NCUA, CFPB, and contracted third parties) to address and resolve audit questions and findings relative to core process risk management
• Support the testing of control design and the testing of control effectiveness for assigned areas as needed
• Identify areas of improvement in existing process, methodology, and policies. Identify gaps and recommend enhancements. Drive, adopt and enforce best practices in report templates and tools
• Coordinate required meetings, reviews and scheduling needs
• Perform other duties as assigned
Skills & Requirements
• Degree in Business Administration, Economics, Mathematics, Computer Science, Engineering, Auditing, Law or related field or equivalent combination of training, education and experience
• Advanced knowledge and understanding of risk-based auditing techniques and methodologies
• Advanced knowledge of operational risk controls, concepts and practices and/or InfoSec specific frameworks
• Ability to comprehend, analyze, interpret, communicate and apply government and financial industry regulations related principles and practices, and company instructions, procedures and policies
• Ability to work independently and in a team environment
• ORM, CISA, CISSM, CSPO, CDSPE certifications
• Lean Six Sigma Black Belt or equivalent process mapping experience
• Advanced knowledge of state and Federal laws; industry regulations, principles, and practices; and company policies that govern the business unit’s products/services
• Experience as a lead to other risk and control analysts
• 60/40 RCSA and fraud (anti money laundering)
• Extensive experience executing RCSA (risk control self-assessment) programs within ENTERPRISE level environment
• Experience working across all areas of risk management
• EXCELLENT comm skills - need someone who can effectively speak, present, write, etc. to stakeholders and business owners across NFCU
• 10+ years risk management experience
• Financial industry experience
Benefits/Other Compensation
This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).
Why Hays?
You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.
Nervous about an upcoming interview? Unsure how to write a new resume?
Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.
Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays’ guiding principles is ‘do the right thing’.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.
In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570.
Drug testing may be required; please contact a recruiter for more information.
Lead Risk and Control Analyst | JOB_53026261169471 | 2025-03-12 | 2025-06-11